KOBIL eSecure for SAP® R/3® - IVORY - Authentication Solutions
KOBIL eSecure for SAP® R/3® - IVORY - Authentication Solutions
KOBIL eSecure for SAP® R/3® - IVORY - Authentication Solutions
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Strong <strong>Authentication</strong><br />
Integrity<br />
Confidentiality<br />
Single Sign-On<br />
<strong>KOBIL</strong> <strong>eSecure</strong> <strong>for</strong> <strong>SAP®</strong> R/<strong>3®</strong><br />
certified <strong>for</strong> SAP NetWeaver
Protect Your SAP Data and SAP Access – The Easy Way – Anytime – Anywhere<br />
The Problem - Unprotected SAP-Data and -Access<br />
Intranet encryption is frequently disregarded as inessential <strong>for</strong> corporate security, and<br />
this even though in-house breaches should be considered the principal security risk<br />
according to the German privacy watchdog, the Federal Authority <strong>for</strong> the Security of<br />
In<strong>for</strong>mation Processing (BSI).<br />
Are you using the standard software, <strong>SAP®</strong> R/<strong>3®</strong>, <strong>for</strong> managing essential<br />
finance, customer and human resource data?<br />
Does it bother you that <strong>SAP®</strong> R/<strong>3®</strong> by default propagates such data in<br />
clear text through the network?<br />
Did you know that an authentication method based on just user name<br />
and password is easily compromised?<br />
Isn’t it a hassle to have to sign in again each time you’re using a different<br />
SAP system?<br />
Does your company have employees who dial into your SAP system from<br />
remote locations?<br />
Does your user support spend major amounts of time with the recovery<br />
of <strong>for</strong>gotten passwords?<br />
Here is your Solution - <strong>KOBIL</strong> <strong>eSecure</strong> <strong>for</strong> <strong>SAP®</strong> R/<strong>3®</strong> (certified <strong>for</strong> SAP<br />
NetWeaver)<br />
In a standard SAP system, <strong>SAP®</strong> R/<strong>3®</strong> data is sent through the network in clear text.<br />
Without any additional protection, this can easily lead to major security problems,<br />
because there is no way to ensure the authenticity, integrity and confidentiality of<br />
your data.<br />
In the context of the changed legislation (key word: the German “Basel II”<br />
requirements <strong>for</strong> banking supervision) and the tightened liability regime, many<br />
internal auditors and chartered accountants are well aware of this security gap and<br />
have called <strong>for</strong> the introduction of an appropriate security solution.<br />
This is why SAP has integrated an interface (SNC) that is used whenever a third party<br />
security product is deployed <strong>for</strong> just that purpose, that is, to set up a secure<br />
connection between the individual SAP components (client, application server, router,<br />
printer). To this end, all components need to be certified by a digital certificate.<br />
Appropriate hardware includes soft tokens, smartcards or USB tokens (such as <strong>KOBIL</strong><br />
mIDentity).<br />
In order to ensure the protection of sensitive corporate data, we offer you solutions<br />
that preserve your secret key (representing the basis of your entire security) against<br />
unauthorized access, always adjusted to the degree of security you need.
<strong>KOBIL</strong> <strong>eSecure</strong> <strong>for</strong> <strong>SAP®</strong> R/<strong>3®</strong> <strong>for</strong> safe SAP network connectivity offers exactly this kind of<br />
protection.<br />
It meets the following security features:<br />
Authenticity:<br />
Generating and replacing the session key ensures unique system access – anywhere,<br />
anytime.<br />
Confidentiality:<br />
By using the session key, you encrypt your data traffic <strong>for</strong> unauthorized third parties, thus<br />
protecting it effectively.<br />
Integrity:<br />
By using the session key (digital signature), you ensure that your data cannot be<br />
manipulated on its way to the respective recipient.<br />
Secure Single Sign-On:<br />
Since many employees consider the repeated login to the various SAP systems as little<br />
more than an routine nuisance, they tend to use passwords that are easy to memorize -<br />
and easy to crack. When using <strong>KOBIL</strong> <strong>eSecure</strong> <strong>for</strong> SAP, all you need to have as a user<br />
anymore is the password <strong>for</strong> your security token. Afterwards, you can directly access any<br />
SAP system allocated to you.<br />
Remote User<br />
Remote User<br />
1<br />
2<br />
3<br />
4 5 6<br />
7 8 9<br />
C 0 F<br />
Remote User<br />
Terminal<br />
Client<br />
Phone line<br />
Phone line<br />
Internet<br />
SNC<br />
SNC<br />
SSL<br />
ITS-Server<br />
Intranet<br />
Remote-<br />
Access-<br />
Server<br />
For more in<strong>for</strong>mation on our products, please visit www.kobil.com<br />
Router<br />
SNC<br />
SNC<br />
SAP GUI<br />
SAP GUI auf<br />
Terminal Server<br />
SNC<br />
SNC<br />
SNC<br />
SNC<br />
SAP LPD<br />
R/3 Applikationsserver<br />
RFC
<strong>KOBIL</strong> <strong>eSecure</strong> - Technical Details:<br />
SAP-Server: (<strong>KOBIL</strong> <strong>eSecure</strong> <strong>for</strong> <strong>SAP®</strong> R/<strong>3®</strong> is available <strong>for</strong> the following plat<strong>for</strong>ms)<br />
Linux<br />
SUN Solaris 2.7 & 2.8 – 32 Bit (UltraSPARC) & 64 Bit (SPARCV9+)<br />
Microsoft Windows 2003 Server 1<br />
Microsoft Windows 2000 Server 1 / Advanced Server Service Pack 4<br />
AIX plat<strong>for</strong>m coming soon (other plat<strong>for</strong>ms upon request)<br />
SAP GUI Clients:<br />
Microsoft Windows XP Service Pack 1<br />
Microsoft Windows 2000 Service Pack 4<br />
Microsoft Windows 2003 Server (SAP GUI onTerminal Server)<br />
Citrix MetaFrame XP FR2 & FR3 (SAP GUI on Terminal Server)<br />
Business Warehouse Client<br />
Certificates/Encryption:<br />
X.509v3<br />
168 Bit Triple DES (3DES)<br />
1024 Bit RSA<br />
<strong>Authentication</strong> Mechanisms:<br />
via PKCS#11 (<strong>KOBIL</strong> Smart Key, <strong>KOBIL</strong> mIDentity)<br />
via RADIUS OTP (<strong>KOBIL</strong> SecOVID)<br />
via PKCS#12 (Soft-Token)<br />
The Benefits of <strong>KOBIL</strong> <strong>eSecure</strong> <strong>for</strong> <strong>SAP®</strong> R/<strong>3®</strong> at a Glance:<br />
High cost effectiveness<br />
<strong>KOBIL</strong> offers <strong>KOBIL</strong> <strong>eSecure</strong> <strong>for</strong> <strong>SAP®</strong> R/<strong>3®</strong> as a bundle <strong>for</strong> the joint deployment together with soft<br />
tokens at a very af<strong>for</strong>dable value-<strong>for</strong>-money ratio (only through SecurIntegration GmbH). This<br />
ensures a potential increase in value <strong>for</strong> your user authentication and <strong>for</strong> the protection of your<br />
network resources.<br />
Protection of investment<br />
You can switch to the use of smartcards anytime: qualified signatures ensure a reduction of your<br />
process costs by avoiding media breaks.<br />
Unmatched flexibility<br />
Bringing you the only option worldwide that uses both certificates and one-time passwords (OTPs)<br />
<strong>for</strong> the protection of SAP systems, <strong>KOBIL</strong> offers you the highest degree of flexibility that money can<br />
buy. Which makes you the one to define the specific type of access security <strong>for</strong> each employee.<br />
Thus, you can even tie remote users effectively into your security infrastructure.<br />
Low Costs of Ownership<br />
The integrated solution portfolio – <strong>KOBIL</strong> being the only producer worldwide who develops and<br />
manufactures both its software and hardware (required to meet the highest security standards) –<br />
ensures a tested and time-proven interaction among all components involved, thus reducing the<br />
integration costs and the operative overhead.<br />
Easy deployment<br />
Thanks to the integrated software allocation, you can install the client by running an automatic<br />
setup. Regardless of whether you are using the Windows CA, <strong>KOBIL</strong> mIDmanager, or certificates by<br />
third party providers: the certified solution allows <strong>for</strong> interoperability of the highest degree.<br />
1 SAP-certified<br />
<strong>KOBIL</strong> Systems GmbH P<strong>for</strong>tenring 11 D-67547 Worms<br />
phone +49 (0)6241-3004-0 fax: +49 (0)6241-3004-80<br />
www.kobil.com